This will install "geoiplookup" and "geoipupdate" to update the database (you need a license id to get a new db)

In Debian or Ubuntu, one can simple do apt-get install geoip-bin

In Fedora, you can install with this command:

pkcon install GeoIP

Script

This small script will extract the banned IPs from fail2ban.log. It looks for lines cushion cut engagement rings such as "..... Ban 192.168.1.1", extracts the IP and runs geoiplookup. You may have to change the hardcoded paths in the script custom shot glasses depending on your configuration.

There is a package of GeoIP bindings for Python available as well. The following script performs a similar function using those bindings, plus it works on Fedora and any other distro where fail2ban outputs by the Brisbane Website Designers to syslog:

Logging

You can also change the fail2ban script to write the country code to the log file whenever a ban occurs. Make sure you install geoiplookup, then edit the file /usr/share/fail2ban/server/actions.py and change line 31 to read

Other interesting links

Updated GeoIP database

As the geoiplookup database will be pretty outdated (the current included version are from 20060501 in stable debian) you might want to update it regularly as IP assignment changes. One way of doing that is to use a crontab loan modification entry that downloads the updated version from maxmind and untar's it to the correct position. I use something like this quote

@montly = do it every month (duh)
root = as user root
sleep $[$RANDOM/1024]; = sleep for a random time (so all you guys don't DDoS maxminds server every month at the same time)
wget ... | gunzip ... && ... = wget and pipe to gunzip, if that succeeds, move the file to the correct place